modified ntoskrnl/ex/sysinfo.c

   MaxSystemInfoClass is now much larger than the size of the CallQS table: use the actual size of the table in range checks to prevent an overrun
   Fixes CID 527, CID 528

svn path=/trunk/; revision=37616

diff --git a/reactos/ntoskrnl/ex/sysinfo.c b/reactos/ntoskrnl/ex/sysinfo.c
index 4589adc..4b99067 100644 (file)
--- a/reactos/ntoskrnl/ex/sysinfo.c
+++ b/reactos/ntoskrnl/ex/sysinfo.c
@@ -1794,6 +1794,9 @@ CallQS [] =
        SI_QX(SystemSessionProcessesInformation)
 };
 
+C_ASSERT(SystemBasicInformation == 0);
+#define MIN_SYSTEM_INFO_CLASS (SystemBasicInformation)
+#define MAX_SYSTEM_INFO_CLASS (sizeof(CallQS) / sizeof(CallQS[0]))
 
 /*
  * @implemented
@@ -1825,7 +1828,7 @@ NtQuerySystemInformation (IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
       /*
        * Check the request is valid.
        */
-      if (SystemInformationClass >= MaxSystemInfoClass)
+      if (SystemInformationClass >= MAX_SYSTEM_INFO_CLASS)
         {
           _SEH2_YIELD(return STATUS_INVALID_INFO_CLASS);
         }
@@ -1892,8 +1895,8 @@ NtSetSystemInformation (
        /*
         * Check the request is valid.
         */
-       if (    (SystemInformationClass >= SystemBasicInformation)
-               && (SystemInformationClass < MaxSystemInfoClass)
+       if (    (SystemInformationClass >= MIN_SYSTEM_INFO_CLASS)
+               && (SystemInformationClass < MAX_SYSTEM_INFO_CLASS)
                )
        {
                if (NULL != CallQS [SystemInformationClass].Set)